[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.38' (ECDSA) to the list of known hosts.
2020/07/17 23:09:15 fuzzer started
2020/07/17 23:09:16 dialing manager at 10.128.0.26:41463
2020/07/17 23:09:16 syscalls: 2944
2020/07/17 23:09:16 code coverage: enabled
2020/07/17 23:09:16 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/07/17 23:09:16 extra coverage: enabled
2020/07/17 23:09:16 setuid sandbox: enabled
2020/07/17 23:09:16 namespace sandbox: enabled
2020/07/17 23:09:16 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/17 23:09:16 fault injection: enabled
2020/07/17 23:09:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/17 23:09:16 net packet injection: enabled
2020/07/17 23:09:16 net device setup: enabled
2020/07/17 23:09:16 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/17 23:09:16 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/17 23:09:16 USB emulation: /dev/raw-gadget does not exist
23:11:36 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x3, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10)
sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="c9971dbf", 0x4}], 0x1}, 0x0)

syzkaller login: [ 256.636252][ T8454] IPVS: ftp: loaded support on port[0] = 21
[ 256.851169][ T8454] chnl_net:caif_netlink_parms(): no params data found
[ 257.107754][ T8454] bridge0: port 1(bridge_slave_0) entered blocking state
[ 257.115270][ T8454] bridge0: port 1(bridge_slave_0) entered disabled state
[ 257.124615][ T8454] device bridge_slave_0 entered promiscuous mode
[ 257.136424][ T8454] bridge0: port 2(bridge_slave_1) entered blocking state
[ 257.144541][ T8454] bridge0: port 2(bridge_slave_1) entered disabled state
[ 257.153766][ T8454] device bridge_slave_1 entered promiscuous mode
[ 257.196298][ T8454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 257.212915][ T8454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 257.262033][ T8454] team0: Port device team_slave_0 added
[ 257.273344][ T8454] team0: Port device team_slave_1 added
[ 257.316339][ T8454] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 257.323602][ T8454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 257.350103][ T8454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 257.365065][ T8454] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 257.372118][ T8454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 257.399001][ T8454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 257.554762][ T8454] device hsr_slave_0 entered promiscuous mode
[ 257.583297][ T8454] device hsr_slave_1 entered promiscuous mode
[ 257.972757][ T8454] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 258.020331][ T8454] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 258.061891][ T8454] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 258.109650][ T8454] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 258.413167][ T8454] 8021q: adding VLAN 0 to HW filter on device bond0
[ 258.437036][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 258.446984][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 258.466598][ T8454] 8021q: adding VLAN 0 to HW filter on device team0
[ 258.486938][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 258.497048][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 258.506378][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 258.513713][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 258.572680][ T8454] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 258.583585][ T8454] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 258.599051][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 258.608323][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 258.618075][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 258.627690][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 258.635013][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 258.644031][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 258.654652][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 258.665287][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 258.675708][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 258.685975][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 258.696430][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 258.706743][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 258.716408][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 258.726584][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 258.736133][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 258.801068][ T8454] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 258.882357][ T8454] device veth0_vlan entered promiscuous mode
[ 258.904416][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 258.914295][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 258.923232][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 258.930823][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 258.939319][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 258.949322][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 258.959326][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 258.969014][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 258.986888][ T8454] device veth1_vlan entered promiscuous mode
[ 259.050919][ T8454] device veth0_macvtap entered promiscuous mode
[ 259.063734][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 259.073244][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 259.082036][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 259.091840][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 259.104530][ T8454] device veth1_macvtap entered promiscuous mode
[ 259.149480][ T8454] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 259.159315][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 259.168641][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 259.177974][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 259.187886][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 259.207129][ T8454] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 259.214879][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 259.225505][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 259.359466][ T8658] =====================================================
[ 259.366471][ T8658] BUG: KMSAN: uninit-value in bpf_skb_get_nlattr_nest+0x14c/0x2f0
[ 259.374288][ T8658] CPU: 0 PID: 8658 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 259.382878][ T8658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 259.392944][ T8658] Call Trace:
[ 259.396252][ T8658] dump_stack+0x1df/0x240
[ 259.400597][ T8658] kmsan_report+0xf7/0x1e0
[ 259.405024][ T8658] __msan_warning+0x58/0xa0
[ 259.409554][ T8658] bpf_skb_get_nlattr_nest+0x14c/0x2f0
[ 259.415288][ T8658] ___bpf_prog_run+0x214d/0x97a0
[ 259.420231][ T8658] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 259.426404][ T8658] ? bpf_skb_get_nlattr+0x290/0x290
[ 259.431622][ T8658] __bpf_prog_run32+0x101/0x170
[ 259.436500][ T8658] ? kmsan_get_metadata+0x4f/0x180
[ 259.441631][ T8658] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 259.447448][ T8658] ? ___bpf_prog_run+0x97a0/0x97a0
[ 259.452573][ T8658] sk_filter_trim_cap+0x42a/0xcc0
[ 259.457618][ T8658] ? kmsan_get_metadata+0x11d/0x180
[ 259.462816][ T8658] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 259.468633][ T8658] unix_dgram_sendmsg+0x1987/0x3c30
[ 259.473848][ T8658] ? kmsan_get_metadata+0x11d/0x180
[ 259.479143][ T8658] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 259.485237][ T8658] unix_seqpacket_sendmsg+0x26c/0x2e0
[ 259.490628][ T8658] ? unix_dgram_peer_wake_me+0x7e0/0x7e0
[ 259.496275][ T8658] ____sys_sendmsg+0x1370/0x1400
[ 259.501259][ T8658] __sys_sendmsg+0x623/0x750
[ 259.505875][ T8658] ? kmsan_check_memory+0xd/0x10
[ 259.510812][ T8658] ? _copy_to_user+0x12e/0x1d0
[ 259.515579][ T8658] ? kmsan_get_metadata+0x11d/0x180
[ 259.520785][ T8658] ? kmsan_get_metadata+0x11d/0x180
[ 259.525989][ T8658] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 259.531798][ T8658] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 259.537963][ T8658] ? __prepare_exit_to_usermode+0x16c/0x4d0
[ 259.543874][ T8658] __se_sys_sendmsg+0x97/0xb0
[ 259.548582][ T8658] __x64_sys_sendmsg+0x4a/0x70
[ 259.553357][ T8658] do_syscall_64+0xb0/0x150
[ 259.557870][ T8658] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 259.563760][ T8658] RIP: 0033:0x45c1d9
[ 259.567647][ T8658] Code: Bad RIP value.
[ 259.571710][ T8658] RSP: 002b:00007f37a73ecc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 259.580121][ T8658] RAX: ffffffffffffffda RBX: 0000000000025c40 RCX: 000000000045c1d9
[ 259.588089][ T8658] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003
[ 259.596059][ T8658] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000
[ 259.604031][ T8658] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 259.612093][ T8658] R13: 0000000000c9fb6f R14: 00007f37a73ed9c0 R15: 000000000078bf0c
[ 259.620078][ T8658]
[ 259.622402][ T8658] Uninit was stored to memory at:
[ 259.627439][ T8658] kmsan_internal_chain_origin+0xad/0x130
[ 259.633165][ T8658] __msan_chain_origin+0x50/0x90
[ 259.638102][ T8658] ___bpf_prog_run+0x6cbe/0x97a0
[ 259.643048][ T8658] __bpf_prog_run32+0x101/0x170
[ 259.647918][ T8658] sk_filter_trim_cap+0x42a/0xcc0
[ 259.652952][ T8658] unix_dgram_sendmsg+0x1987/0x3c30
[ 259.658148][ T8658] unix_seqpacket_sendmsg+0x26c/0x2e0
[ 259.663525][ T8658] ____sys_sendmsg+0x1370/0x1400
[ 259.668545][ T8658] __sys_sendmsg+0x623/0x750
[ 259.673138][ T8658] __se_sys_sendmsg+0x97/0xb0
[ 259.677818][ T8658] __x64_sys_sendmsg+0x4a/0x70
[ 259.682580][ T8658] do_syscall_64+0xb0/0x150
[ 259.687084][ T8658] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 259.692961][ T8658]
[ 259.695277][ T8658] Uninit was stored to memory at:
[ 259.700321][ T8658] kmsan_internal_chain_origin+0xad/0x130
[ 259.706034][ T8658] __msan_chain_origin+0x50/0x90
[ 259.710968][ T8658] ___bpf_prog_run+0x6c64/0x97a0
[ 259.715901][ T8658] __bpf_prog_run32+0x101/0x170
[ 259.720759][ T8658] sk_filter_trim_cap+0x42a/0xcc0
[ 259.725779][ T8658] unix_dgram_sendmsg+0x1987/0x3c30
[ 259.730970][ T8658] unix_seqpacket_sendmsg+0x26c/0x2e0
[ 259.736337][ T8658] ____sys_sendmsg+0x1370/0x1400
[ 259.741273][ T8658] __sys_sendmsg+0x623/0x750
[ 259.745858][ T8658] __se_sys_sendmsg+0x97/0xb0
[ 259.750544][ T8658] __x64_sys_sendmsg+0x4a/0x70
[ 259.755322][ T8658] do_syscall_64+0xb0/0x150
[ 259.759827][ T8658] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 259.765703][ T8658]
[ 259.768025][ T8658] Local variable ----regs@__bpf_prog_run32 created at:
[ 259.774870][ T8658] __bpf_prog_run32+0x87/0x170
[ 259.779633][ T8658] __bpf_prog_run32+0x87/0x170
[ 259.784385][ T8658] =====================================================
[ 259.791308][ T8658] Disabling lock debugging due to kernel taint
[ 259.797453][ T8658] Kernel panic - not syncing: panic_on_warn set ...
[ 259.804038][ T8658] CPU: 0 PID: 8658 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 259.813996][ T8658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 259.824044][ T8658] Call Trace:
[ 259.827333][ T8658] dump_stack+0x1df/0x240
[ 259.831667][ T8658] panic+0x3d5/0xc3e
[ 259.835583][ T8658] kmsan_report+0x1df/0x1e0
[ 259.840086][ T8658] __msan_warning+0x58/0xa0
[ 259.844588][ T8658] bpf_skb_get_nlattr_nest+0x14c/0x2f0
[ 259.850140][ T8658] ___bpf_prog_run+0x214d/0x97a0
[ 259.855073][ T8658] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 259.861227][ T8658] ? bpf_skb_get_nlattr+0x290/0x290
[ 259.866442][ T8658] __bpf_prog_run32+0x101/0x170
[ 259.871298][ T8658] ? kmsan_get_metadata+0x4f/0x180
[ 259.876405][ T8658] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 259.882208][ T8658] ? ___bpf_prog_run+0x97a0/0x97a0
[ 259.887320][ T8658] sk_filter_trim_cap+0x42a/0xcc0
[ 259.892351][ T8658] ? kmsan_get_metadata+0x11d/0x180
[ 259.897549][ T8658] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 259.903349][ T8658] unix_dgram_sendmsg+0x1987/0x3c30
[ 259.908542][ T8658] ? kmsan_get_metadata+0x11d/0x180
[ 259.913742][ T8658] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 259.919831][ T8658] unix_seqpacket_sendmsg+0x26c/0x2e0
[ 259.925203][ T8658] ? unix_dgram_peer_wake_me+0x7e0/0x7e0
[ 259.930834][ T8658] ____sys_sendmsg+0x1370/0x1400
[ 259.935791][ T8658] __sys_sendmsg+0x623/0x750
[ 259.940396][ T8658] ? kmsan_check_memory+0xd/0x10
[ 259.945331][ T8658] ? _copy_to_user+0x12e/0x1d0
[ 259.950092][ T8658] ? kmsan_get_metadata+0x11d/0x180
[ 259.955396][ T8658] ? kmsan_get_metadata+0x11d/0x180
[ 259.960610][ T8658] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 259.966421][ T8658] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 259.972575][ T8658] ? __prepare_exit_to_usermode+0x16c/0x4d0
[ 259.978476][ T8658] __se_sys_sendmsg+0x97/0xb0
[ 259.983157][ T8658] __x64_sys_sendmsg+0x4a/0x70
[ 259.987922][ T8658] do_syscall_64+0xb0/0x150
[ 259.992427][ T8658] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 259.998313][ T8658] RIP: 0033:0x45c1d9
[ 260.002194][ T8658] Code: Bad RIP value.
[ 260.006249][ T8658] RSP: 002b:00007f37a73ecc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 260.014652][ T8658] RAX: ffffffffffffffda RBX: 0000000000025c40 RCX: 000000000045c1d9
[ 260.022620][ T8658] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003
[ 260.030589][ T8658] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000
[ 260.038554][ T8658] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 260.046519][ T8658] R13: 0000000000c9fb6f R14: 00007f37a73ed9c0 R15: 000000000078bf0c
[ 260.055743][ T8658] Kernel Offset: 0xc200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 260.067267][ T8658] Rebooting in 86400 seconds..